Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability

Subscribe

Check Point Reference: CPAI-2008-134
Date Published:
Severity:
Last Updated:
Source: Apache Tomcat
Industry Reference(s): CVE-2008-2938
Protection Provided by: VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
VSX
  • NGX R65
InterSpect
  • NGX
Connectra
  • NGX R62
  • NGX R61
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Apache Software Foundation Tomcat Prior to 6.0.18
Vulnerability Description
A directory traversal vulnerability was reported in Apache Tomcat. Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies, and is a popular and common platform for deploying web applications. This vulnerability allows a hacker to access normally-inaccessible files and directories through a specially-created HTTP request. Instead of having access only to the publically-available files, the hacker can have access to all files on that server using this vulnerability.
Update/Patch Available
Update to version 6.0.18:
Apache Tomcat
Vulnerability Details
The vulnerability is due to an input validation error in the Apache Tomcat that fails to properly sanitize the URI for directory traversal patterns. A remote attacker may trigger this issue by specially crafting an HTTP request and sending it to an affected server. Successful exploitation of this vulnerability may allow the attacker to disclose or access arbitrary files on the target system.

Protection Overview
By enabling this protection, SmartDefense will detect and block malformed HTTP requests sent to the vulnerable server. No update is required to address this vulnerability except for IPS-1.

To configure the defense, select your product from the list below and follow the related protection steps.

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Directory Traversal.
2. In the configuration pane, under Settings > Mode, check Active.
3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the Web Intelligence tree, click Application Layer.
2. Select the following:

Directory Traversal

3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Directory Traversal.
2. In the configuration pane, under Settings > Mode, check Active.
3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click Application Layer.
3. Select the following:

Directory Traversal

4. The protection can be applied either to all HTTP traffic or to selected web servers.
5. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

Connectra NGX R62 & R61

How Can I Protect My Network?
1. In the left-hand menu, click Security > Web Intelligence.
2. In the Application Layer Protection pane, select the following:

Directory Traversal

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the IIS Attacks protection group.
3. Click Filename goes past root (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Alert Name: www2_iis
Description: filename_goes_past_root_alert